📦 Open Source Point Of Sale

by Opensourcepos

🛡️ Security Overview

⚠️ Known Vulnerabilities

CVE-2026-26746

HIGH CVSS 8.8 Feb 20, 2026

OpenSourcePOS 3.4.1 contains a Local File Inclusion vulnerability that allows attackers to read arbitrary files on the web server by manipulating invoice type settings. This can be combined with file ...

CVE-2025-70093

HIGH CVSS 7.4 Feb 13, 2026

This vulnerability in OpenSourcePOS v3.4.1 allows attackers to execute arbitrary code on the server by sending a specially crafted AJAX response. This affects all systems running the vulnerable versio...

CVE-2025-68434

HIGH CVSS 8.8 Dec 17, 2025

A Cross-Site Request Forgery (CSRF) vulnerability in Open Source Point of Sale (OSPOS) allows unauthenticated attackers to create administrator accounts when logged-in administrators visit malicious w...

CVE-2025-68147

HIGH CVSS 8.1 Dec 17, 2025

A stored XSS vulnerability in Open Source Point of Sale allows attackers with administrative access to inject malicious JavaScript into the Return Policy field. This code executes when users view rece...

CVE-2025-66923

HIGH CVSS 7.2 Dec 17, 2025

This cross-site scripting (XSS) vulnerability in Open Source Point of Sale v3.4.1 allows remote attackers to inject malicious scripts via the phone_number parameter when creating or updating customer ...

CVE-2025-66921

HIGH CVSS 7.2 Dec 17, 2025

This cross-site scripting (XSS) vulnerability in Open Source Point of Sale v3.4.1 allows remote attackers to inject malicious scripts via the 'name' parameter in the Create/Update Item(s) module. Atta...

CVE-2025-63800

HIGH CVSS 7.5 Nov 18, 2025

This vulnerability allows authenticated users to set their account password to an empty string via the password change endpoint in Open Source Point of Sale 3.4.1. This disables authentication and cou...

CVE-2025-70095

MEDIUM CVSS 6.5 Feb 13, 2026

This cross-site scripting (XSS) vulnerability in OpenSourcePOS v3.4.1 allows attackers to inject malicious scripts into item management and sales invoice functions. When exploited, it enables executio...

CVE-2025-70094

MEDIUM CVSS 6.5 Feb 13, 2026

This cross-site scripting (XSS) vulnerability in OpenSourcePOS allows attackers to inject malicious scripts into the Item Category parameter during barcode generation. When exploited, it enables execu...

CVE-2025-66924

MEDIUM CVSS 6.1 Dec 17, 2025

This cross-site scripting (XSS) vulnerability in Open Source Point of Sale allows attackers to inject malicious scripts into the 'name' parameter when creating or updating item kits. This affects user...